Discovered by a team of cybersecurity experts from Georgia Tech and UC Santa Barbara, Cloak and Dagger carries out malicious activity under the guise of seemingly-innocuous graphics.

Android versions 5.1.1, 6.0.1 and 7.1.2 are all vulnerable to Cloak and Dagger.

"To make things worse, we noticed that the accessibility app can inject the events, unlock the phone, and interact with any other app while the phone screen remains off," researchers said. "That is, an attacker can perform a series of malicious operations with the screen completely off and, at the end, it can lock the phone back, leaving the user completely in the dark."

To avoid downloading the malware, users should check which applications have access to Android's "draw on top" and "a11y" permissions.

"Unfortunately, both permissions are considered 'special' and, for this reason, certain versions of Android may show 'no permission required' even if...the app has access to both the permissions required for our attack," the team explained.

Any app featured in Apple's iOS store has gone through an in-depth analysis - the thorough vetting process blocks "widespread malware infection" among iPhone users.

Applications infected with malware are becoming problematic for app developers and consumers. Cybersecurity experts have warned smartphone owners to refrain from downloading third-party apps from unofficial sources, but the presence of malicious apps in official stores make it difficult for users to identify which ones are trustworthy.